Messages

Hey,

I've got as couple of questions re. Insights graphs.
First, does anyone know what mystery interface '9' is in the image below?
I don't see it often but when I do I can see no reason for it.



Also, does anyone know if Insight displays both sender and responder port numbers?



I don't have port 30243 open in my firewall, so what am I seeing here?

Thanks!

Probably a stupid question but i'm not sure what i'm looking at.

Most of the ports i'm seeing usage on are ports i've open.  The 27***'s are steam, i've got 7k through 9k open for rocket league, but 10000?  That's not a port i've enable access to, it's not in any of my aliases, etc, so why's it showing up in the graph?

Does this graph show port usage from both directions?

If i'm understanding you correctly you're saying setting Suricara to monitor the WAN interface is pointless?

If it doesn't inspect HOME_NET addresses, why am I seeing so much more CPU usage when Suricata's conf'd to inspect LAN instead of WAN?

I've noticed Suricata's CPU usage rarely exceeds 3% when set to monitor just the WAN interface.

If I configure it to monitor LAN, or both LAN and WAN, (depending on throughput) Suricata's CPU usage can get >100%, which I guess I should expect to see?

I'm running the latest version of opnsense on an APU2C4.

Currently Suricata's conf'd to run on both WAN and LAN; here's an ifconfig output:

igb0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=4400b8<VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWTSO,TXCSUM_IPV6>

igb1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=5400b8<VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWTSO,NETMAP,TXCSUM_IPV6>

Thanks in advance.